<?php
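require_once('common/constants.php');
require_once('common/db.php');
session_start();

// Reservation endpoint: adds one seat to the logged-in user's reservation for
// an advert (creating the reservation row if none exists), e-mails the advert
// owner, and prints "success". Prints "fail" or "Nothing to save." and stops
// when the request cannot be processed.
//
// NOTE(review): this request changes state but is accepted over GET with no
// anti-CSRF token. Moving it to POST with a per-session token needs a matching
// client change, so it is only flagged here.
// NOTE(review): ext/mysql was removed in PHP 7. Migrating to mysqli/PDO
// prepared statements depends on common/db.php, which is not visible from
// this file; until then every value is escaped where it enters a query.

// Reservations are keyed on the session e-mail; without it the queries below
// would read and write rows for an empty address.
if (empty($_SESSION['user_email']) || !is_string($_SESSION['user_email'])) {
	echo "fail";
	exit;
}

// $_GET itself is always set, so test the parameter that is actually needed.
// is_string() also rejects array-valued parameters (?advert_id[]=...).
if (!isset($_GET['advert_id']) || !is_string($_GET['advert_id']) || $_GET['advert_id'] === '') {
	echo "Nothing to save.";
	exit;
}

// desiredRoute is optional; a missing or non-string value counts as "not given".
$desired_route_raw = '';
if (isset($_GET['desiredRoute']) && is_string($_GET['desiredRoute'])) {
	$desired_route_raw = $_GET['desiredRoute'];
}

// htmlspecialchars() is kept so stored values keep the encoding existing rows
// already have. mysql_real_escape_string() replaces addslashes() because it
// escapes for the server connection rather than byte-wise; it presumably uses
// the connection opened in common/db.php - TODO confirm that file also sets
// the connection charset with mysql_set_charset().
$advert_id = mysql_real_escape_string(htmlspecialchars($_GET['advert_id']));
$desired_route = mysql_real_escape_string(htmlspecialchars($desired_route_raw));
// The session value is escaped too: it is interpolated into every statement.
$user_email = mysql_real_escape_string($_SESSION['user_email']);

$where = " WHERE `email`='" . $user_email . "' AND advert_id = '" . $advert_id . "'";

$slctSql = "SELECT advert_id FROM reservation" . $where;
$result = mysql_query($slctSql);
if ($result === false) {
	// Do not fall through to the INSERT branch when the lookup itself failed.
	trigger_error(mysql_error());
	echo "fail";
	exit;
}

// NOTE(review): SELECT-then-write is not atomic, so two concurrent requests
// can both take the INSERT branch. A unique key on (email, advert_id) with
// INSERT ... ON DUPLICATE KEY UPDATE would close that gap - schema not visible.
if (mysql_num_rows($result) != 0) {
	// Existing reservation: add one seat and optionally replace the route.
	$writeSql = "UPDATE `reservation` SET `seat_count`=seat_count + 1";
	if ($desired_route !== '') {
		$writeSql .= ", `desired_route`= '" . $desired_route . "'";
	}
	$writeSql .= $where;
} else {
	// No reservation yet: create it with a single seat.
	$columns = "`email`, `advert_id`, `reservation_status`, `seat_count`";
	$values = "'" . $user_email . "', '" . $advert_id . "', 'open', '1'";
	if ($desired_route !== '') {
		$columns .= ", `desired_route`";
		$values .= ", '" . $desired_route . "'";
	}
	$writeSql = "INSERT INTO `reservation`(" . $columns . ") VALUES(" . $values . ");";
}

if (!mysql_query($writeSql)) {
	// Report the failure instead of mailing the owner about a booking that
	// was never stored.
	trigger_error(mysql_error());
	echo "fail";
	exit;
}

// addLike() and the per-seat status update are not invoked from here.

// Look up the advert owner to notify them.
$sql2 = "SELECT email, name FROM `user` WHERE email in (select email from `advertisement` WHERE advert_id='" . $advert_id . "');";
$result = mysql_query($sql2);

// The notification is best-effort: the reservation is already saved, so a
// missing owner row or a mail failure does not change the response.
if ($result !== false && mysql_num_rows($result) > 0) {
	$subject = "CarPooling.lk - Reservation request";

	// The name goes into an HTML body, so encode it. double_encode is off in
	// case names are stored already entity-encoded (presumed from how this
	// script stores input - TODO confirm).
	$owner_name = htmlspecialchars(mysql_result($result, 0, 'name'), ENT_QUOTES, 'ISO-8859-1', false);

	$message = '';
	$message .= 'Hi ' . $owner_name . ", <br />";
	$message .= "A seat has been booked. Please log into your carpooling.lk account to see details. <br />";

	// Strip line breaks so a stored address cannot add extra mail headers.
	$to = str_replace(array("\r", "\n"), '', mysql_result($result, 0, 'email'));

	$headers = "From: " . CONTACT_MAIL_FROM . "\r\n";
	$headers .= 'Cc: ' . CONTACT_MAIL_INTERNAL_CC . "\r\n";
	$headers .= 'Bcc: ' . CONTACT_MAIL_INTERNAL_BCC . "\r\n";
	$headers .= "MIME-Version: 1.0\r\n";
	$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

	if (!mail($to, $subject, $message, $headers)) {
		trigger_error('Reservation notification mail could not be sent.');
	}
}

echo "success";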

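	/**
	 * Count one more seat in the session user's notification row for an advert.
	 *
	 * Increments `seat_no` when a row for (session e-mail, advert) exists and
	 * inserts a row with `seat_no` = 1 otherwise. Does nothing when no user is
	 * logged in or when the lookup query fails.
	 *
	 * Values are escaped here, so pass them unescaped; a value that was already
	 * slash-escaped is stored with the extra backslashes.
	 *
	 * NOTE(review): the lookup and the write are two statements, so concurrent
	 * calls can both insert; a unique key would be needed to prevent that.
	 *
	 * @param mixed $advert_id Advert identifier, compared as a quoted string.
	 * @param mixed $seat_ids  Unused; kept so existing call sites stay valid.
	 * @return void
	 */
	function addLike($advert_id, $seat_ids){
		// Without a session e-mail the row would be keyed on an empty user_id.
		if (empty($_SESSION['user_email']) || !is_string($_SESSION['user_email'])) {
			return;
		}

		// Escape both values: they are interpolated into every statement below.
		$user_id = mysql_real_escape_string($_SESSION['user_email']);
		$advert = mysql_real_escape_string((string) $advert_id);

		$slctSql = " SELECT * FROM notification where user_id='". $user_id. "' AND advert_id = '". $advert. "'";
		$result = mysql_query($slctSql);
		if ($result === false) {
			// A failed lookup must not be mistaken for "no row yet".
			trigger_error(mysql_error());
			return;
		}

		if (mysql_num_rows($result) != 0) {
			$writeSql = "UPDATE `notification` SET `seat_no`=seat_no + 1  WHERE `user_id`='". $user_id. "' AND advert_id = '". $advert. "'";
		} else {
			$writeSql = "INSERT INTO `notification`(`advert_id`, `seat_no`, `user_id`) ";
			$writeSql .= " VALUES('{$advert}', '1', '{$user_id}')";
		}

		// Surface write failures instead of discarding them silently.
		if (!mysql_query($writeSql)) {
			trigger_error(mysql_error());
		}
	}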
	
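	/**
	 * Insert one row into `reservation_seat` for a reservation.
	 *
	 * Both values are escaped here before they are interpolated, so pass them
	 * unescaped.
	 *
	 * @param mixed $res_id   Reservation identifier.
	 * @param mixed $seat_ids Value stored in `seat_number`; despite the plural
	 *                        name a single value is written per call.
	 * @return bool True when the INSERT succeeded, false otherwise.
	 */
	function reserveSeats($res_id, $seat_ids){
		$reservation = mysql_real_escape_string((string) $res_id);
		$seat = mysql_real_escape_string((string) $seat_ids);

		$sql = " INSERT INTO `reservation_seat` (reservation_id, seat_number) values('". $reservation . "', '". $seat ."') ";

		return (bool) mysql_query($sql);
	}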
	
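	/**
	 * Fetch the e-mail address stored on a reservation.
	 *
	 * The identifier is escaped here before it is interpolated, so pass it
	 * unescaped.
	 *
	 * @param mixed $res_id Reservation identifier.
	 * @return string|false|null The e-mail of the first matching row, false when
	 *                           no row matches, null when the query fails.
	 */
	function getReservationOwnerEmail($res_id){
		$sql = " SELECT `email` FROM `reservation` WHERE reservation_id='". mysql_real_escape_string((string) $res_id) ."';";

		$result = mysql_query($sql);
		if (!$result) {
			return null;
		}

		// mysql_result() raises a warning on an empty result set; return the
		// same false it would produce, without the warning.
		if (mysql_num_rows($result) == 0) {
			return false;
		}

		return mysql_result($result, 0);
	}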